Vol 3, No 1 (2012)

AUTHENTIC KEY TRANSPORT IN SYMMETRIC CRYPTOGRAPHIC PROTOCOLS

USING SOME ELLIPTIC CURVES OVER FINITE FIELDS

D. Sravan Kumar

1

, CH. Suneetha

2*

and A. Chandrasekhar

3

1

Reader in Physics, SVLNS Government College, Bheemunipatnam, India E-mail: [email protected]

2

Assistant Professor in Engineering Mathematics, GITAM University, Visakhapatnam, India E-mail: [email protected]

3

Professor in Engineering Mathematics, GITAM University, Visakhapatnam, India E-mail: [email protected]

(Received on: 20-12-11; Accepted on: 09-01-12)

________________________________________________________________________________________________

ABSTRACT

C

ryptology is the study of techniques for ensuring the secrecy and authentication of the information. Public –key encryption schemes are secure only if the authenticity of the public-key is assured. Elliptic curve arithmetic can be used to develop a variety of elliptic curve cryptography (ECC) schemes including key exchange, encryption and digital signature. The principal attraction of elliptic curve cryptography compared to RSA is that it offers equal security for a smaller key-size, thereby reducing the processing overhead. In the present paper a new technique of autheitic key transport using elliptic curve cryptography is proposed.

Key Words:- Elliptic Curve Cryptography, public-key, secret key, encryption, decryption.

________________________________________________________________________________________________

INTRODUCTION:

The study of elliptic curves by algebraists, algebraic geometers and number theorists dates back to the middle of the nineteenth century. Elliptic Curve Cryptography (ECC) was discovered in 1985 by Neil Koblitz and Victor Miller [9, 11]. Elliptic Curve Cryptography (ECC) schemes are public-key mechanisms that provide the same functionality as RSA schemes. However, their security is based on the hardness of a different problem, namely the Elliptic Curve Discrete Logarithmic Problem (ECDLP). Most of the products and standards that use public-key cryptography for encryption and digital signatures use RSA schemes. The competing system to RSA is elliptic curve cryptography and the principal attraction of elliptic curve cryptography; is that it offers same level of security for smaller key size [8]. An elliptic curve E over a field R of real numbers is defined by an equation

E y

:

2

+

a xy

₁

+

a y

₃

=

x

3

+

a x

₂ 2

+

a x

₄

+

a

₆

(1)

Here a1, a2, a3 , a4, a6 are real numbers belong to R, x and y take on values in the real numbers. If L is an extension field

of real numbers, then the set of L-rational points on the elliptic curve E is

2 3 2

1 3 2 4 6

( ) {( , )

:

0} { }

E L

=

x y

∈

LXL y

+

a xy

+

a y

−

x

−

a x

−

a x a

−

=

∪ ∞

where

∞

the point is at infinity.

Equation (1) is called Weierstrass equation. Sometimes E can also be defined over the field of real numbers. If E is defined over the field of integers K, then E is also defined over any extension field of K. The condition

≠

0

ensures that the elliptic curve is “smooth”. i.e., there are no points at which the curve has two or more distinct tangent lines. The point

∞

is the only point on the line at infinity that satisfies the projective form of the Weierstrass equation [1, 7, 11]. In the present paper for the purpose of the encryption and decryption using elliptic curves it is sufficient to consider the

equation of the form

y

2

=

x

3

+

ax b

+

. For the given values of a and b the plot consists of positive and negative values of y for each value of x. Thus this curve is symmetric about the x-axis.

GROUP LAWS OF E (K):

Let Ep(a, b) be an elliptic curve defined over the field of integers K. There is a chord-and-tangent rule for adding two

points in Ep(a, b), to give the third point. Together with this addition operation, the set of points of Ep(a, b) forms an

abelian group with

∞

, the point at infinity serves as identity elements.

GEOMETRIC RULES OF ADDITION:

Let P(x1, x2) and Q(x2, y2) be two points on the elliptic curve E. The sum R is defined as: First draw a line through P

and Q, this line intersects the elliptic curve at a third point. Then the reflection of this point of intersection about x-axis is R which is the sum of the points P and Q.

The same geometric interpretation also applies to two points P and –P, with the same x-coordinate. The points are joined by a vertical line, which can be viewed as also intersecting the curve at the infinity point. We therefore have P + (-P) =O, the identity element which is the point at infinity.

DOUBLING THE POINT ON THE ELLIPTIC CURVE:

First draw the tangent line to the elliptic curve at P which intersects the curve at a point. Then the reflection of this point about x-axis is R.

The addition of two points and doubling of a point are shown in the following figures 1 and 2 for the elliptic curve

y2 = x3-x.

Figure: 1 Geometric addition Figure: 2 Geometric doubling

Identity: = + P = P for all

E

_K

( , )

a b

, where O is the point at infinity.

Negatives: Let P(x, y) ∈ Ep(a, b) then(x, y) + (x,-y) = 0. Where (x,-y) is the negative of P denoted by –P.

Point addition: Let P(x1, x2), Q(x2, y2)∈ Ep(a, b) where

P

≠

Q

. Then P + Q = (x3, y3) where 2

2 1

3 1 2

2 1

y

y

x

x

x

x

x

−

=

−

−

−

and

(

)

2 1

3 1 3 1

2 1

y

y

y

x

x

y

x

x

−

=

−

−

−

Points Doubling: Let

P x y

( ,

_{1 1}

)

∈

E

_K

( , )

a b

where

P

≠ −

P

then

(

)

2

2 2

1 1

3 3 3 1 3 1 3 1

1 1

3

3

2

( ,

) where

2 and

2

2

x

a

x

a

P

x y

x

x

y

x

x

y

y

y

+

+

=

=

−

=

−

−

Point Multiplication:- Let P be any point on the elliptic curve

E

_K

( , )

a b

where K is the field of integers. Then the operation multiplication of P is defined as repeated addition.

kP

=

P

+

P

+

P

...

ktimes

ELLIPTIC CURVE CRYPTOGRAPHY:

- , / 0

applications: Prime curves over Zp and binary curves GF(2m). For a prime curve over Zp, we use a cubic equation in

which the variables and the coefficients all take on values in the set of integers from 0 through p-1 and the calculations are performed with respect to modulo p.

If two parties want to communicate the messages through public channel with absolute security, one of the means of achieving the security is using a one-time key [13]. i.e., for each communication different key is used and the key used is discarded. For authentic key exchange for each communication here we propose a method using algebra of elliptic curves. The present work demonstrates a technique of key transports protocol using elliptic curve [6, 4]. Though the key exchange using Elliptic Curve is analogous to Diffie-Hellman key exchange protocol, it is less prone to man-in-middle attacks because in this method both the users can securely transport their own secret keys for encryption/decryption of the messages in their communication through the public channel rather than partial sharing of the keys. Moreover, the encrypted key size is same as that of the unencrypted key.

ELLIPTIC CURVE DISCRETE LOGARITHMIC PROBLEM (ECDLP):

To form a cryptographic system using elliptic curve a hard problem is required. It is very hard to determine the value of k from the equation

Q = kP for known points P,Q on the elliptic curve Ep a,b) where k is a large random number less than p.

DIFFIE-HELLMAN KEY EXCHANGE PROTOCOL:

In Diffie-Hellman Key exchange algorithm both the sender and the receive exchange secret keys that can be used for subsequent encryption of the messages. In Diffie-Hellman key exchange algorithm, there are publicly known numbers: a prime number P and a number which is a primitive root of P. Suppose two users A and B want to exchange the

secret key then user A selects a number X1 and computes the secret key 1 1

mod

X

K

=

α

P

. User A communicates this

K1 to user B. Similarly user B selects a number X2 and computes ₂ 2

mod

X

K

=

α

P

and communicates this K2 to the

user A. Then the user A computes the shared secret key K as

K

=

(

K

₂

)

X1

mod

P

=

(

_α

X2

)

X1

_mod

_P

₌

_α

X X2 1

_mod

_P

Similarly the use B computes the secret key K as

K

=

(

K

₁

)

X1

mod

P

=

(

1

)

2

_mod

1 2

_mod

X

X X X

P

P

α

=

α

But Diffie-Hellman key exchange algorithm is insecure against the man-in-middle attack [2,3]. An adversary C in between A and B intercepts the message. C selects XC1 and XC2 and computes KC1 and KC2 similar to K1 and K2 . Then

he interrupts the key K1 which is being communicated to the user B by the user A , rather communicates KC1 to B.

Similarly he also interrupts the key K2 which is being communicated by the user B to the user A, rather communicates

KC2 to A.

ANALOGUE OF DIFFIE-HELLMAN KEY EXCHANGE METHOD:

The addition operation in Elliptic Curve Cryptography (ECC) is the counterpart of modular multiplication in RSA and multiple addition is the counterpart of modular exponentiation.

The exchange of key between two communicating parties Alice and Bob can also be done using elliptic curve Ep (a, b)

similar to Diffie-Hellman key exchange method. In this method Alice selects an integer sA and computes PA = sA G,

where G is the generator on the elliptic curve Ep (a, b). She communicates PA to Bob. Similarly Bob selects an integer

sB and computes PB = sB G, where G is the generator on the elliptic curve Ep (a, b). He communicates PB to Alice. Then

both Alice and Bob compute the shared secret key as K = sAx PB = sBx PA. In this method of exchange of key using

elliptic curve neither Alice nor Bob has any control over what will be the shared secret key used for encryption/decryption in their communication. Moreover, it is vulnerable to man-in-middle attack which is the basic weakness of the Diffie-Hellman key exchange protocol.

KEY TRANSPORT PROTOCOL:

A key transport protocol [1] is a key establishment protocol where one entity creates the secret key and securely transfers it to the others. A key agreement protocol is a key establishment protocol where all participating entities contribute information which is used to derive the shared secret key. There are various methods of distribution and exchange of secret keys: For example Diffie-Hellman key exchange protocol, a key agreement protocol using Elliptic Curve Cryptography etc.

PROPOSED METHOD:

Two communicating parties Alice and Bob agree upon to use the elliptic curve Ep (a, b), where p is a large prime

number or almost prime number, p should not be written as the product of small prime numbers, and the elliptic curve Ep (a, b) should not be a super singular curve or anomalous curve. They also agree upon to use a point C on the elliptic

curve Ep (a, b). Alice selects a large random number which is less than the order of Ep (a, b) and a point A on the

elliptic curve. She computes

A1 = (C +A) and A2 = A. She keeps the random number and the point A as her private keys and publishes A 1 and

A 2 as her general public keys. Similarly Bob selects a large random number and a point B on the elliptic curve. He

computes B1 = (C+B) and B 2 = B. He keeps the random number and the point B as his private keys and publishes

B 1 and B 2 as his general public keys. After publishing the public keys, the communicating parties again calculate the

following quantities and publish them as their specific public keys for each other.

Alice calculates A B = B 2 and publishes it as her specific public key for Bob calculates B A = A2 and publishes it as

his specific public key for Alice

Alice’s private key 1 = , a large random number less than the order of the generator Alice’s private key 2 = a point A on the elliptic curve Ep (a, b)

Alice’s general public key 1 = a point A 1on the elliptic curve Ep (a, b)

Alice’s general public key 2 = a point A 2 on the elliptic curve Ep (a, b)

Alice’s specific public key for Bob = a point A B on the elliptic curve Ep (a, b)

Bob’s private key 1 = , a large random number less than the order of the generator G Bob’s private key 2 = B, a point on the elliptic curve Ep (a, b)

Bob’s general public key 1 = B 1, a point on the elliptic curve Ep(a, b)

Bob’s general public key 2 = B 2, a point on the elliptic curve Ep (a, b)

Bob’s specific public key for Alice = B A, a point on the elliptic curve Ep(a, b)

Encryption: Bob selects a point S on the elliptic curve that can be used as the secret key in the process of communication with Alice. The secret key S is a pair of numbers. For conventional encryption a single number should be generated from S. The x or y coordinate of the point S or some function of x and y, say f(x, y) can be used to generate a single number.

Bob encrypts the shared secret key S as follows.

SE = A1 + AB + S

Decryption:-

Alice decrypts SE and retrieves S as S = SE – B1 – BA

The Decryption works out properly:

SE – B1 – B3 = A1 + AB + S – B1 – BA

= (A+B) + C + S – (A+C) – B

= A + B + C – A – B – B + S

= S

- , / 0

In the above graph the right lines can be drawn in xy-plane such that 1) there is no intersection between the right line and elliptic curve 2) the line intersects the elliptic curve at one point or two points or three points.

Now consider an elliptic curve ( , E37 (2,9). The points on the elliptic curve

E37 (2, 9) are {

∞

,(5,25), (1,30), (21,32), (7,25), (25,12), (4,28), (0,34), (16,17), (15,26), (27,32), (9,4),(2,24),

(26,5), (33,14), (11,17), (31,22), (13,30), (35,21), (23,7), (10,17), (29,6), (29,31), (10,20), (23,30), (35,16),(13,7), (31,15), (11,20), (33,23), (26,32),(2,13), (9,33), (27,5), (15,11), (16,20), (0,3), (4,9), (25,25), (7,12), (21,5), (1,7), (5,12),}

The graph of the function is shown in Figure 4.

Let C = (9,4). Alice selects a random number = 5, any point A = (10, 20) on the elliptic curve. She computes A 1 = (C+A) = 5[(9,4) + (10,20)] = (1,7)

A 2 = A = (33,23).

She keeps the random number and the point A on the elliptic curve as her secret keys and publishes A 1 and A 2 as her

general public keys.

Bob selects = 7, B = (11,20) on the elliptic curve. He computes B 1 = (C+B) = (11, 17)

B 2 = B = (23, 30).

He keeps the random number and the point B on the elliptic curve as his secret keys and publishes B 1 and B 2 as his

general public keys.

Alice calculates A B = B 2 = (15,11) and Bob calculates B A = A 2 = (2,13). Alice publishes A B as specific public key

Encryption of the secret key by Bob: If Bob wants to send the secret key S = (26, 32) on the elliptic curve E37 (2, 9) for encryption/decryption of a particular message then he encrypts this secret key S as SE = S + A1 + AB = (0, 34).

He sends the encrypted key to Alice.

Decryption by Alice: Alice decrypts the shared secret key as

S = SE - B1- BA = (26, 32)

CONCLUSIONS:

Public key cryptography provides solution for both the key distribution and secure information exchange. The security of the Elliptic Curve Cryptography depends on the difficulty of finding the value of k, given kP where k is a large number less than the order of the generator and P is a point on the elliptic curve. This is known as Elliptic Curve Discrete Logarithmic Problem (ECDLP). The secret key is encrypted using communicator’s private key and receiver’s public keys. At the other end the receiver decrypts it using her private key and the public key of communicator. Such protocol ensures confidentiality, authentication and non-repudiation. The elliptic curve parameter for cryptographic scheme should be chosen carefully to resist all known types of attacks on Elliptic Curve Discrete Logarithmic Problem ECDLP. The attack of exhaustive search can be circumvented by choosing elliptic curve parameters such that infeasible amount of computational overload is presented to the adversary, who can mount various types of attacks.

REFERENCES:

[1] Alfred J. Menezes and Scott A. Vanstone, “Elliptic Curve Cryptosystems and their implementations”, Journal of Cryptology, 1993, Volume-6, Number-4, pages 209-224.

[2] Anna M. Johnston, Peter S. Gemmell, “Authenticated key exchange Provably Secure Against the Man-in-Middle Attack”, Journal of Cryptology (2002) Vol. 15 Number 2 pages 139-148.

[3] Antoines Joux, “A one round protocol for Tripartite Diffie-Hellman”, Journal of Cryptology, 2004, Volume 17, Number 4, pages 263-276.

[4] Asrjen K. Lenstra and Eric R. Verheul, “Selecting Cryptographic key size”, Journal of Cryptology, 2001, Volume-14, Number 4, pages 255-293.

[5] A. Chandrasekhar et.al. “Some Algebraic Curves in public Key crypto systems”, International Journal of Ultra Scientist of Physical Sciences, 2007.

[6] Darrel Hankerson, Alfered Menezes, Scott Vanstone, “A Gide to elliptic curve Cryptography”, Springer, 2004.

[7] Enge A. “Elliptic curves and their applications to cryptography”, Norwell, MA: Kulwer Academic publishers 1999.

[8] Gura N., Shantz S., Eberle H., et al “An End-to End Systems Approach to Elliptic Curve Cryptography”, Sun Microsystems Laboratories; 2002; Retrieved May, 10, 2006, http://research.sun.com/projects/crypto

[9] V. Miller, “Uses of Elliptic curves in Cryptography”. In advances in Cryptography (CRYPTO 1985), Springer LNCS 218,417-4 26, 1985

[10] A. Miyaji. Elliptic Curves over Fp Suitable for Cryptosystems. Advances in Cryptology - AUSCRYPT '92, pp.

479{491, 1993 (Projective plane) J. Edge, “An introduction to elliptic curve cryptography”,

http://lwn.net/Articles/174127/, 2006.

[11] Neil Koblitz, “ An Elliptic Curve implementation of the finite field digital signature algorithm”, in Advances in cryptology, (CRYPTO 1998), Springer Lecture Notes in computer science, 1462, 327-337,1998.

[12] Rosing M. “Implementing elliptic curve cryptography”, Greenwich, CT: Manning publications, 1999.

[13] William Stallings, “A text book of Cryptography and Network security”, Principles and practices, Pearson education, fourth edition, 2007.